﻿using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Text.RegularExpressions;

namespace Common
{
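    /// <summary>
    /// Request helpers: character stripping, keyword screening, a session check that
    /// redirects the browser, and a raw response writer.
    /// </summary>
    public class CheckMes
    {
        // Denylist consulted by CheckKeyWord. Entries are compared case-insensitively,
        // so the percent-encoded forms match in either case ("%3a" and "%3A").
        // Duplicates from the earlier inline list ("'", ";", "--") are listed once.
        private static readonly string[] BlockedTokens =
        {
            "'", "%24", "%27", "%3a", "%3b", "%3c", ";", "--", "*", "\\", "&",
            "{", "}", "(", ")",
            "UPDATE", "DELETE", "CREATE", "ALTER", "DROP", "EXEC", "INSERT"
        };

        /// <summary>
        /// Strips single quotes, ampersands and commas from a string.
        /// </summary>
        /// <remarks>
        /// Only those three characters are removed; no keywords are filtered here.
        /// Removing characters does not make a value safe to concatenate into SQL.
        /// Pass values to the database as command parameters and treat this method
        /// as cosmetic clean-up only.
        /// </remarks>
        /// <param name="str">Text to filter; may be null.</param>
        /// <returns>The filtered text, or an empty string when <paramref name="str"/> is null or empty.</returns>
        public static string safeRequest(string str)
        {
            // Previously a null argument raised NullReferenceException.
            if (string.IsNullOrEmpty(str))
            {
                return string.Empty;
            }

            // The former trailing Replace("''", "") could never match, because every
            // single quote is already gone after the first Replace.
            return str.Replace("'", "").Replace("&", "").Replace(",", "");
        }

        /// <summary>
        /// Reports whether the input contains any token from the denylist.
        /// </summary>
        /// <remarks>
        /// The comparison is ordinal and case-insensitive. The earlier version upper-cased
        /// the input and then searched for lower-case entries such as "%3a", which could
        /// never match, and its culture-sensitive ToUpper() gave different results under
        /// different thread cultures.
        /// This is a plain substring test against a list that is not exhaustive. It flags
        /// harmless text (for example "updated" contains "UPDATE") and cannot replace
        /// parameterized queries; treat a hit as a signal for rejection or logging, not as
        /// the control that prevents injection.
        /// </remarks>
        /// <param name="strInput">Text to inspect; may be null.</param>
        /// <returns>true when a denylisted token occurs in the input; false otherwise, including for null or empty input.</returns>
        public static bool CheckKeyWord(string strInput)
        {
            if (string.IsNullOrEmpty(strInput))
            {
                return false;
            }

            foreach (string token in BlockedTokens)
            {
                if (strInput.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Checks whether the user is still signed in by looking up a session value. When
        /// the value is missing, writes a script that shows an alert and navigates the top
        /// window to another URL, then ends the response.
        /// </summary>
        /// <param name="strKey">Session key passed to Common.GetMes.GetSession (defined elsewhere).</param>
        /// <param name="strThrowUrl">URL the top-level window is sent to when the session value is missing.</param>
        /// <param name="strMes">Message shown in the alert before the redirect.</param>
        public static void CheckState(string strKey, string strThrowUrl, string strMes)
        {
            string sessionValue = Common.GetMes.GetSession(strKey);
            if (!string.IsNullOrEmpty(sessionValue))
            {
                return;
            }

            // NOTE(review): strMes and strThrowUrl are placed inside JavaScript string
            // literals without any encoding. A double quote, backslash, line break or a
            // closing script tag in either value alters the emitted script, so callers
            // must pass only fixed, trusted values. If either can carry request data,
            // encode it first (HttpUtility.JavaScriptStringEncode on .NET Framework 4.0+)
            // and restrict strThrowUrl to an allow-list of local paths.
            System.Web.HttpResponse response = System.Web.HttpContext.Current.Response;
            response.Write("<script>");
            response.Write("alert(\"" + strMes + "\");");
            response.Write("top.location.href=\"" + strThrowUrl + "\";");
            response.Write("</script>");

            // End() stops the response here, so the protected page's own output is not
            // sent after the redirect script.
            response.End();
        }

        /// <summary>
        /// Writes the given content to the current response and ends the response.
        /// </summary>
        /// <remarks>
        /// The content is written exactly as supplied, with no HTML encoding. Any part of
        /// it that originates from a request or from stored user data must be encoded by
        /// the caller (for example with HttpUtility.HtmlEncode) before it is passed in.
        /// </remarks>
        /// <param name="str">Content to write to the page.</param>
        public static void showHtmlMsg(string str)
        {
            System.Web.HttpResponse response = System.Web.HttpContext.Current.Response;
            response.Write(str);
            response.End();
        }

    }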
}
